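2015-05-11: Details reported to the vendor; awaiting vendor handling
2015-05-12: Vendor confirmed; details disclosed to the vendor only
2015-05-22: Details disclosed to core white hats and experts in related fields
2015-06-01: Details disclosed to regular white hats
2015-06-11: Details disclosed to intern white hats
2015-06-26: Details disclosed to the public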
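Stored XSS in the official eLong app can capture the administrator cookie and lead to a shell on the internal network
The problem is in the feedback function of the eLong app; it can capture the administrator cookie and lead to a shell on the internal network.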
location : http://mobilems.corp.elong.com/feedback_showfeedback.html#?
toplocation : undefined
cookie : CookieGuid=fb4adf74-eb8f-45a8-84f7-7c7bfe3ae06b; s_eVar46=sogou123; member=15156888725%20%20; SHBrowseHotel=cn=42001194%2C%2C%2C%2C%2C%2C%3B31903063%2C%2C%2C%2C%2C%2C%3B01801685%2C%2C%2C%2C%2C%2C%3B51801079%2C%2C%2C%2C%2C%2C%3B90824113%2C%2C%2C%2C%2C%2C%3B&; SessionGuid=d5da9c48-20ae-4a32-be61-9440a2c5c177; com.eLong.CommonService.OrderFromCookieInfo=Pkid=50&Parentid=50000&Coefficient=0&Status=1&Priority=8000&Makecomefrom=0&Savecookies=0&Cookiesdays=0&Isusefparam=0&Orderfromtype=1&ExpiresTime=0001%2f01%2f01 00%3a00%3a00; SessionSub=LoginRefresh=0-1-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0; TLTCNT=CAB-MAPIAFF20000000000000053; TLTSID=0E72614547654885320F29BE9C04856B; polic_key=UWFXOQE4ATIFMgA3ATJSNwNnUWs%3d%7csid%7cd5da9c48-20ae-4a32-be61-9440a2c5c177%7ctid%7cUWJXMQExATAFKAAyATBSLwNmUWNUKldtBDcBOgBjUDFUb1YxADM%3d; TLTHID=0E1C758848B16C6F1AD7E68F9C6701E6
opener :
HTTP_REFERER : http://mobilems.corp.elong.com/feedback_showfeedback.html
HTTP_USER_AGENT : Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
REMOTE_ADDR : 112.132.228.197
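The administrator's cookie was captured.
This could be taken further to get a shell on the internal network; I did not go any deeper and stopped here.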
2015-05-11 13:55:13 location : http://mobilems.corp.elong.com/feedback_showfeedback.html#? toplocation : undefined cookie : CookieGuid=fb4adf74-eb8f-45a8-84f7-7c7bfe3ae06b; s_eVar46=sogou123; member=15156888725%20%20; SHBrowseHotel=cn=42001194%2C%2C%2C%2C%2C%2C%3B31903063%2C%2C%2C%2C%2C%2C%3B01801685%2C%2C%2C%2C%2C%2C%3B51801079%2C%2C%2C%2C%2C%2C%3B90824113%2C%2C%2C%2C%2C%2C%3B&; SessionGuid=d5da9c48-20ae-4a32-be61-9440a2c5c177; com.eLong.CommonService.OrderFromCookieInfo=Pkid=50&Parentid=50000&Coefficient=0&Status=1&Priority=8000&Makecomefrom=0&Savecookies=0&Cookiesdays=0&Isusefparam=0&Orderfromtype=1&ExpiresTime=0001%2f01%2f01 00%3a00%3a00; SessionSub=LoginRefresh=0-1-0-0-0-0-0-0-0-0-0-0-0-0-0-0-0; TLTCNT=CAB-MAPIAFF20000000000000053; TLTSID=0E72614547654885320F29BE9C04856B; polic_key=UWFXOQE4ATIFMgA3ATJSNwNnUWs%3d%7csid%7cd5da9c48-20ae-4a32-be61-9440a2c5c177%7ctid%7cUWJXMQExATAFKAAyATBSLwNmUWNUKldtBDcBOgBjUDFUb1YxADM%3d; TLTHID=0E1C758848B16C6F1AD7E68F9C6701E6 opener : HTTP_REFERER : http://mobilems.corp.elo
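Already demonstrated.
Please fix it quickly, and how about a small gift, hehe.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-05-12 09:15
Thanks to the white hat for submitting the vulnerability; we hope you will continue to support our work!
None yet.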
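The report shows feedback text being rendered as markup in the back-office page and the session cookies being readable from script. The following is an added example of the two matching fixes, output encoding and an HttpOnly session cookie; it is not code from the report or from eLong. The function names, the sample entry and the cookie value are hypothetical, and the Secure attribute assumes the back office is served over HTTPS.

```javascript
// Added example: hypothetical names throughout; not the vendor's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one feedback entry for the back-office list. Every user-supplied
// field is encoded at output time, so stored markup is displayed as text
// instead of being parsed by the administrator's browser.
function renderFeedbackRow(entry) {
  return '<tr><td>' + escapeHtml(entry.user) + '</td><td>' +
    escapeHtml(entry.message) + '</td></tr>';
}

// Build the Set-Cookie header for the session identifier. HttpOnly keeps the
// value out of document.cookie; Secure and SameSite limit where it is sent.
function sessionCookieHeader(name, value) {
  if (!/^[A-Za-z0-9_.-]+$/.test(name) || /[;\s,]/.test(value)) {
    throw new Error('invalid cookie name or value');
  }
  return name + '=' + value + '; Path=/; HttpOnly; Secure; SameSite=Strict';
}

// Constructed sample: a feedback entry that carries markup.
const sampleEntry = {
  user: 'app-user-1',
  message: 'Great app <img src=x onerror=alert(1)> "thanks"',
};

// Returns the encoded row and the hardened cookie header for the sample.
function demo() {
  return {
    row: renderFeedbackRow(sampleEntry),
    cookie: sessionCookieHeader(
      'SessionGuid', '00000000-0000-0000-0000-000000000000'),
  };
}

console.log(demo());
```

Encoding at output time protects every page that displays stored feedback, including entries saved before the fix; HttpOnly only limits what a script can read and does not replace the encoding.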